CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

Published: Nov 12, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-6170
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
lenovo / thinkpad_helix_firmware	-	gfet65ww
lenovo / thinkpad_s531_firmware	-	gket46ww
lenovo / thinkpad_t440_firmware	-	gjeta3ww
lenovo / thinkpad_t440s_firmware	-	gjeta3ww
lenovo / thinkpad_t440p_firmware	-	gleta0ww
lenovo / thinkpad_t540p_firmware	-	gmet89ww
lenovo / thinkpad_w540_firmware	-	gnet92ww
lenovo / thinkpad_w541_firmware	-	gnet92ww
lenovo / thinkpad_x240_firmware	-	giet98ww
lenovo / thinkpad_x240s_firmware	-	giet98ww

https://support.lenovo.com/us/en/product_security/LEN-27714

Vulnerability Database

289,697

CVE-2019-6170